Voting

The Note You're Voting On

I couldn't get authentication to work properly with any of the examples. Finally, I started from ZEND's tutorial example at:http://www.zend.com/zend/tut/authentication.php?article=authentication (validate using .htpasswd) and tried to deal with the additional cases. My general conclusion is that changing the realm is the only reliable way to cause the browser to ask again, and I like to thank the person who put that example in the manual, as it got me on the right path. No matter what, the browser refuses to discard the values that it already has in mind otherwise. The problem with changing the realm, of course, is that you don't want to do it within a given session, else it causes a new request for a password. So, here goes, hopefully the spacing isn't too messed up by the cut'n'paste.

I spent the better part of a day getting this to work right. I had a very hard time thinking through what the browser does when it encounters an authentication request: seems to me that it tries to get the password, then reloads the page... so the HTML doesn't get run. At least, this was the case with IE, I haven't tested it with anything else.

// Below here runs HTML-wise only if there isn't a $_SESSION, // and the browser *can't* set $PHP_AUTH_USER... normally // the browser, having gotten the auth info, runs the page // again without getting here. // What I'm basically getting to is that the way to get // here is to escape past the login screen. I tried // putting a session_destroy() here originally, but the // problem is that the PHP runs regardless, so the // REFRESH seems like the best way to deal with it.echo "<meta http-equiv=\"REFRESH\" content=\"0;url=index.php\">" ; exit; }